Steam Christmas day error that revealed users' account details was due to caching issue, says Valve

Christmas day wasn’t the happiest of occasions for Valve. Many users around the world, including me, reported that the store’s homepage was displaying a language other than their own (mine was in Russian). More seriously, the ‘account info’ section of the site was showing information from other users, including email address, purchase history, and how much they had in their Steam wallet.

After certain groups threatened Christmas day attacks on various gaming networks and servers, including Steam, many users believed that this was a hack. As you would expect, a lot of Steam account holders attempted to unlink their Paypal accounts and remove any stored credit card information, although this was something that the Steam Database – an unofficial Steam tracking service – didn’t recommend.

Do NOT attempt to unlink PayPal, remove your credit card details or anything else. Doing so will put you at risk instead.

Valve shut down the Steam store for around an hour while it dealt with the issue. Once it came back online, everything appeared to be fixed, although there was still no word from Valve regarding what happened.

Eventually, Valve sent out a statement. It turns out, just as the Steam Database had theorized, that the problem wasn’t a hack or DDos attack, but was instead related to a caching issue.

"Steam is back up and running without any known issues," said Doug Lombardi, Valve's director of marketing. "As a result of a configuration change earlier today, a caching issue allowed some users to randomly see pages generated for other users for a period of less than an hour.

"This issue has since been resolved. We believe no unauthorized actions were allowed on accounts beyond the viewing of cached page information and no additional action is required by users."

The company also stressed that credit card information and phone numbers were "censored and not visible to users, as required by law." Despite Valve’s words of assurance, the incident is already being called ‘the Steam Winter Fail.’ In light of the large number of data breaches that have occurred recently, as well as the hacking threats aimed at Steam, you have to wonder why the company took so long to release a statement.